Pierre-Olivier Goffard, ISFA, Université de Lyon 1, France
The probability of successfully spending twice the same bitcoins is considered. A double-spending attack consists in issuing two transactions transferring the same bitcoins. The first transaction, from the fraudster to a merchant, is included in a block of the public chain. The second transaction, from the fraudster to himself, is recorded in a block that integrates a private chain, exact copy of the public chain up to substituting the fraudster-to-merchant transaction by the fraudster-to-fraudster transaction. The double-spending hack is completed once the private chain reaches the length of the public chain, in which case it replaces it. The growth of both chains are modeled by two independent counting processes. The probability distribution of the time at which the malicious chain catches up with the honest chain, or equivalently the time at which the two counting processes meet each other, is studied. The merchant is supposed to await the discovery of a given number of blocks after the one containing the transaction before delivering the goods. This grants a head start to the honest chain in the race against the dishonest chain.
The talk is based on the preprint (pdf)